Wallet::ACL::Krb5

(Simple wallet ACL verifier for Kerberos principals)

SYNOPSIS

    my $verifier = Wallet::ACL::Krb5->new;
    my $status = $verifier->check ($principal, $acl);
    if (not defined $status) {
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }

DESCRIPTION

Wallet::ACL::Krb5 is the simplest wallet ACL verifier, used to verify ACL lines of type krb5. The value of such an ACL is a simple Kerberos principal in its text display form, and the ACL grants access to a given principal if and only if the principal exactly matches the ACL.

METHODS

new()

Creates a new ACL verifier. For this verifier, there is no setup work.

check(PRINCIPAL, ACL)

Returns true if PRINCIPAL matches ACL, false if not, and undef on an error (see DIAGNOSTICS below).

error()

Returns the error if check() returned undef.

DIAGNOSTICS

malformed krb5 ACL

The ACL parameter to check() was malformed. Currently, this error is only given if ACL is undefined or the empty string.

no principal specified

The PRINCIPAL parameter to check() was undefined or the empty string.

SEE ALSO

Wallet::ACL(3), Wallet::ACL::Base(3), wallet-backend(8)

This module is part of the wallet system. The current version is available from <http://www.eyrie.org/~eagle/software/wallet/>.

AUTHOR

Russ Allbery <eagle@eyrie.org>

Last modified and spun 2016-01-24